CVE-2019-17503 PoC — Kirona Solutions Dynamic Resource Scheduling 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-17503.yaml

Associated Vulnerability

Title:Kirona Solutions Dynamic Resource Scheduling 信息泄露漏洞 (CVE-2019-17503)
Description:Kirona Solutions Dynamic Resource Scheduling（DRS）是英国Kirona Solutions公司的一套用于现场服务的动态资源调度软件。 Kirona DRS 5.5.3.5版本中存在安全漏洞。攻击者可利用该漏洞获取SQL数据库信息，例如：数据库版本，表单名称等。

Description

Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.

File Snapshot


 id: CVE-2019-17503

info:
  name: Kirona Dynamic Resource Scheduler - Information Disclosure
  autho

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!